A new combined strategy to intrusion detection

Sodiya, A. S.; Longe, H. O. D.

Artykuł - szczegóły

Tytuł artykułu

A new combined strategy to intrusion detection

Autorzy

Sodiya A. S. , Longe H. O. D.

Wybrane pełne teksty z tego czasopisma

https://eczasopisma.p.lodz.pl/JACS/issue/archive

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

Researchers haw used so many techniques in designing intrusion detection systems (IDS) and we still do not have an effective one. The interest in this work is to combine techniques of data mining and expert system in designing an effective anomaly-based IDS. We believe that combining methods may give better coverage, and wake the detection more effective. The Idea is to mine system audit data for consistent and useful patterns of users behaviour, and then keep these normal behaviours in profiles. We then use expert system as our detection system that recognizes anomalies, and raises an alarm. The evaluation of the intrusion detection system designed allows that detection efficiency and false alarm rate problems of IDS are greatly unproved upon.

Słowa kluczowe

IDS intrusion detection systems (IDS) information security Internet security network security

IDS systemy wykrywania włamań ochrona informacji bezpieczeństwo Internetu bezpieczeństwo sieci

Wydawca

Wydawnictwo Politechniki Łódzkiej

Czasopismo

Journal of Applied Computer Science

Rocznik

2004

Tom

Vol. 12, nr 1

Strony

97--116

Opis fizyczny

Bibliogr. 30 poz.

Twórcy

autor

Sodiya A. S.

Mathematical Sciences, University of Agroculture, Abeokuta, Ogun State, Nigeria

autor

Longe H. O. D.

Mathematical Sciences, University of Agroculture, Abeokuta, Ogun State, Nigeria

Bibliografia

[1] Anderson, Lunt, Javits, Tamaru and Valdes: N1DES: Software Users Manual ó Beta- Update Release, December 1994. Available at: http://www.sdl.sri.com/papers/7sri/.
[2] Bass T.: Intrusion detection systems and multisensor data fusion. Communications of the ACM, 43(4):99-105, April 2000.
[3] Banks J., Carson J. S., Nelson B. L.: Discrete-Event System Simulation. Prentice Hall, New Jersey, 1996.
[4] Daniels T., Spafford E.: A network audit system for host-based intrusion detection (NASHID) in linux. In Proceedings of the Annual Computer Security Applications Conference, New Orleand, LA, Dec 2000.
[5] Debar H., Dacier M., Wespi A., Lampart S.: An experimentation workbench for intrusion detection systems. Technical Report RZ2998, IBM Research Division, Zurich Research Laboratory, Zurich, Switzerland, March 1998.
[6] Denning D. E., Neumann P.G.: Requirements and model for IDES—a real-time intrusion detection expert system. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA 94025-3493, USA, 1985.
[7] Durst R., Champion T., Witten B., Miller E., Spagnuolo L.: Testing and evaluating computer intrusion detection systems. Communications of the ACM, 42(7): 53-61, July 1999.
[8] Fawcett T., Provost F.: Combining data mining and machine learning for effective user profiling. In Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD-96), pages 8-13,1996.
[9] Forrest S., Hofmeyr S. A., Somayaji A., Longstaff T. A.: A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Research in Security and Privacy, pages 120,128. IEEE Computer Society Press, 1996.
[10] Hedbom H., Kvarnstrom H., Jonsson E.: Security implications of distributed intrusion detection architectures. In Proceedings of the Fourth Nordic Workshop on Secure IT Systems (NordSec99), Stockholm, Sweden, November 1999.
[11] Holshemier M. & Siebes A.: Analogy with data mining process. In the Proceeding of conference on Knowledge discovery in databases. 1996.
[12] Ilgun K.: USTAT: A real-time intrusion detection system for UNIX. In Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy, pages 16-28, Oakland, CA, 1993.
[13] Kumar S., Spafford E. H.: A pattern matching model for misuse intrusion detection. In Proceedings of the 17th National Computer Security Conference, pages 11-21, Baltimore, MD, October 1994.
[14] Kumar S.: Classification and detection of computer intrusions. PhD thesis, Purdue University, West Lafayette, Indiana, August 1995.
[15] Lane T., Brodley C. E.: Temporal sequence learning and data reduction for anomaly detection. In Proceedings of the 5th Conference on Computer & Communications Security, Pages 150-158, San Francisco, CA, USA, November 2-5 1998. ACM, ACM Special Interest Group.
[16] Law A. M., Kelton W. D.: Simulation modeling and analysis. McGraw-Hill, New York. 1999.
[17] Lee W., Stolfo S. J., Chan P. K., Wofan E. E., Miller M., Hershkop S., Zhang J.: Real Time Data Mining-based intrusion Detection http://www.cs.columbia.edu/ids.2001.
[18] Lee W., Stolfo S. J., Chan P. K., Wofan E. E, Miller M., Hershkop S., Zhang J.: Real Time Data Mining-based intrusion Detection http://www.cs.columbia.edu/ids.2001.
[19] Lee W., Stolfo S. J., Mok K. W.: A data mining framework for building intrusion detection models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 120-132, Oakland, California, May 9-12,1999. IEEE Computer Society Press, Los Alamitos, California.
[20] Lee W., Stolfo S. J.: Data mining approaches for intrusion detection. In proceedings of the 1998 USENIX Security Symposium, 1998.
[21] Lee W., Stolfo S. J., Mok K. W.: Algorithm for mining audit data. [In:] T. Y. Lin, editor, Granular computing and data mining. Springer-Verlag, 2000.
[22] Lippman R. P., Fried D. J., Graaf I., Haines J. W., Kendall K. R., McClung D., Weber D., Webster S.E., Wyschogrod D., Cunningham R. K., Zissman M.A.: Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation. [In:] DISCEX 2000. IEEE Computer Society Press, January 2000.
[23] Lundin E., Jonsson E.: Privacy vs intrusion detection analysis. [In:] Proceedings of the Second International Workshop on the Recent Advances in Intrusion Detection - RAID'99, West Lafayette, Indiana, USA, September 7-9,1999.
[24] Lundin E., Jonsson E.: Survey of Intrusion Detection Research. Technical Report nr. 02-04. 2002 Department of Computer Engineering, CHALMERS UNIVERSITY OF TECHNOLOGY, Gteborg, Sweden, 2002.
[25] Mounji A.: Languages and Tools for Rule-Based Distributed Intrusion Detection. PhD thesis, Facult'e Universitaire Notre de la Paix de Namur, Belgium, September 1997.
[26] Paxon V. Bro.: A system for detecting network intruders in realtime. [In:] Proceedings of the Seventh USENIX Security Symposium, pages 31-51, San Antonio, Texas, January 1998. USENIX.
[27] Puketza N. J., Zhang K., Chung M., Mukherjee B., Olsson R.A.: A methodology for testing intrusion detection systems. Software Engineering, 22(10):719-729,1996.
[28] Shipley (1999), Intrusion Detection, Take Two, Network Computing, 15 November, 1999. http://www.nwc.com/1023/1023fl.html
[29] Snapp S. R., Smaha S. E., Teal D. M., Grance T.: The DIDS (distributed intrusion detection system) prototype. [In:] Proceedings of the Summer USENIX Conference, pages 227-233, San Antonio, Texas, June 8-12 1992. USENIX Association.
[30] Valdes A., Skinner K.: Probabilistic alert correlation. In Recent Advances in Intrusion Detection (RAID 2001), number 2212 in Lecture Notes in Computer Science, Davis, California, October 2001. Springer-Verlag

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-article-LOD7-0027-0075